[PATCH 2/2] Add single-threaded fast path to rand()
Adhemerval Zanella Netto
adhemerval.zanella@linaro.org
Fri Mar 22 14:46:18 GMT 2024
On 22/03/24 11:27, Zack Weinberg wrote:
> On Thu, Mar 21, 2024, at 11:53 AM, Adhemerval Zanella Netto wrote:
>> And even if arc4random is explicit a non CPRNG, there were some worries that
>> users might misuse the interface and thus add some security issues.
>
> No opinion about anything else in this thread, but if we add arc4random at all
> it MUST be a CSPRNG. That's a documented guarantee on all the systems that
> do have it, and applications rely on it.
Yeah, this is another point of contention where one might consider that a
userland CPRNG that has no feedback from kernel to where/how to properly
reseed might not be considered a CPRNG.
More information about the Libc-alpha
mailing list